said by user2008:Really? I thought I could just forward IP/50 [ESP] on to the server. Thanks, though.
EDIT - Isn't IPSec ESP compatible with NAT? I know that IPSec AH [51] isn't, but my sources say that ESP is OK with it.
Microsoft doesn't recommend IPSec NAT-T (UDP 4500) for a VPN server behind NAT: »
support.microsoft.com/kb/885348You're likely to experience problems with clients behind NAT with IPSec/L2TP if you can't enable it though.